The CyberWire Daily Briefing 10.31.16

Summary

By The CyberWire Staff

South Korean sources report an increased tempo of North Korean cyberattacks. The targets are said to be largely defectors and rights groups.

Invincea researchers have discovered flaws in the Mirai IoT botnet-forming Trojan implicated in recent distributed denial-of-service attacks that had widespread effect. The stack buffer overflow flaw could be exploited to crash the attack process. Whether Invincea's discovery could be legally used against Mirai bots is another matter (and Invincea isn't necessarily recommending it, either): such use could constitute the sort of hacking back forbidden by the US Computer Fraud and Abuse Act.

Post mortems on the Dyn DDoS attacks of October 21 focused, properly enough, on users of common IoT devices leaving default factory passwords in place. But there are other issues of IoT security that fixing passwords won't touch—the ease with which such devices can be found through simple Shodan searches would be one; the economic forces driving enterprise users toward remote online management of IoT devices comprise another.

Shame (or, more probably, fear) in the gray market has led HackForums to remove "server stress testing" (generally regarded as a euphemism for DDoS for hire) from its offerings.

US election hacking fears persist; states seem ambivalent about accepted help from the Department of Homeland Security.

An ambiguously worded letter US FBI Director Comey sent Congress Friday suggests the Bureau is reopening investigation of former Secretary of State Clinton's emails.

Observers wonder how former NSA contractor Martin kept his Top Secret clearance as long as he did.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Canada, Denmark, Iceland, Ireland, Israel, Democratic Peoples Republic of Korea, Republic of Korea, New Zealand, Nigeria, Russia, Singapore, United Kingdom, and United States.

Two notes to our readers: First, we'll be in Washington, DC, this Wednesday and Thursday covering the SINET Showcase 2016. We'll be getting to know this year's SINET 16, some of the most innovative young companies in our industry.

And second, today is the last day of National Cyber Security Awareness Month. The theme of this final day is "building resilience in critical systems."

On the Podcast

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from Dale Drew of our partners at Level 3. He discusses concerns over the increased scale of online attacks. As always, if you enjoy the podcast, please consider giving it an iTunes review.

Sponsored Events

TECHEXPO Cyber Security Hiring Event (McLean, VA, USA, November 2, 2016) Our professional hiring events have benefited nearly a million attendees since 1993. We look forward to helping you advance your career and saving you time in your job search by providing you the opportunity to meet face to face with the nation's leading companies.

Malware Detection: How to Spot Infections Early with AlienVault USM (Live Webcast, November 3, 2016) While malware has been a thorn in the side of IT pros for years, some of the recent variants observed by the AlienVault Labs security research team, like CoreBot, have the ability to modify themselves on the fly, making them nearly impossible to detect with traditional preventative security measures. Join us for a live demo to learn about the most common types of malware, and how you can detect infections quickly with AlienVault USM.

Selected Reading

Cyber Trends

In a cyberwar (Military Embedded Systems) This is another broad, sticky, and complex topic, much like the previous article on cryptology. So, let’s get started by offering some definitions

Building the IoT monster (Help Net Security) When Mary Shelley wrote Frankenstein, she imagined the misguided doctor assembling his creature from dead body parts, who instead of elevating science, created something dark and terrible. A modern day Mary might well imagine the monster being assembled, not from arms and legs, from nanny-cams, door locks, and DVRs

Has AI (Finally) Reached a Tipping Point? (Wall Street Journal) After many years of promise and hype, AI seems to be finally reaching a tipping point of market acceptance

The New Intelligence Economy, And How We Get There (Next Platform) Earlier this month, Samsung acquired Viv, the AI platform built by the creators of Siri that seeks to “open up the world of AI assistants to all developers.” The acquisition was largely overshadowed by the more high-profile news of Samsung’s struggles with its Galaxy Note smartphone, but make no mistake, this was a bold and impactful move by Samsung that aggressively launches the company into the future of smart, AI-enabled devices

What can we do about the critical cybersecurity skills shortage? (Help Net Security) Tech-savvy youth could plug a widening skills gap as employers seek to combat the growing threat of cybercrime and avert mass disruption to public and private lives. But the industry is failing to provide a clear path for young people to find work, hone their skills, and serve society

Healthcare industry lacks basic security awareness among staff (Help Net Security) SecurityScorecard released a comprehensive analysis exposing cybersecurity vulnerabilities across 700 healthcare organizations including medical treatment facilities, health insurance agencies and healthcare manufacturing companies

America Isn’t Ready for a Cyberattack (Wall Street Journal) Security experts suggest ways of enhancing the nation’s defenses against hackers

Is Cybersecurity for the Nation's Critical Infrastructure Rooted In the Past? (SIGNAL) Efforts to increasingly digitize networks that run the nation’s critical infrastructure enterprises also are boosting attack surfaces and vulnerabilities in an enduring cybersecurity contest in which hackers target those weaknesses with an elevated furor, experts admonished during a panel discussion on the issue

Cyber hits cost Irish firms more than €1.7m (New Irish News) The cost to Irish businesses of cyber-related fraud has soared by almost 400pc in the space of just over two years

N159b lost to cyber crime in 13 Years, says Minister (Guardian) The Federal Government yesterday said not less than N159 billion has been lost to cyber crime in Nigeria in the last 13 years due mainly to Nigerians’ lack of technical knowhow to protect their online products and resources

Legislation, Policy and Regulation

Iceland's Pirate Party Gains Ground in Election (Motherboard) After near-constant exposure to the nausea-inducing dumpster fire that is the 2016 U.S. presidential race, it might be hard to grok that a movement of anti-establishment internet pirates has become one of the leading political parties of a small island nation

A Peek Into Singapore's New Cybersecurity Act. (Conventus Law) The Singapore Government announced earlier this year that a new, standalone Cybersecurity Act will be tabled in Parliament in 2017

Trump’s New Cyber Security Plan? (JDSupra) With the recent news regarding Yahoo’s massive data breach and the continuing posting of Clinton Foundation emails by Wikileaks, cybersecurity policy is beginning to get the discourse it is due. Secretary Clinton’s campaign was swift to publish a lengthy briefing on her cybersecurity policy agenda when she declared her candidacy

Pentagon won’t use robots that decide on their own when to kill (McClatchyDC) The Pentagon is devising some whiz-bang autonomous weaponry, but Defense Secretary Ash Carter said Friday that the U.S. military would never use robotic systems that decided on their own when to kill

Carter creates new DoD post: Chief Innovation Officer (Federal News Radio) With only a few months left before his tenure as Defense secretary expires, Ashton Carter took one more step to drive home his oft-repeated point that the notion that the Pentagon needs more “innovation” in its bloodstream, in case anyone has failed to take notice so far

Products, Services, and Solutions

ProtectWise CTO to Demonstrate Enterprise Security Platform at SINET Showcase (BusinessWire) ProtectWise, provider of the enterprise security platform that delivers pervasive visibility, was named a SINET 16 Innovator Award Winner and as such, CTO and Co-founder Gene Stevens will provide a demonstration of the capabilities and functionality of the ProtectWise Grid at the SINET Showcase in Washington D.C. on November 3

LogiLube to offer ironclad security based on Waterfall’s Unidirectional Security Gateway (Help Net Security) Waterfall Security Solutions announced a collaboration with LogiLube to protect LogiLube’s customers’ industrial sites from online cyber attacks

Trend Micro debuts XGen endpoint security (IT Online) Trend Micro Incorporated has announced the availability of XGen endpoint security

Praetorian Partners with Microsoft to Help Secure the Internet of Things (Consumer Electronics Net) Microsoft recognizes Praetorian as a "best-in-class" Internet of Things (IoT) global auditing partner and a founding member of its new Security Program for Azure IoT

Technologies, Techniques, and Standards

AGA improves gas infrastructure security with voluntary action commitments (Daily Energy Insider) Members of the American Gas Association (AGA) recently published a document detailing their commitment to the maintenance of high standards for cyber and physical security in order to protect the U.S. natural gas pipeline infrastructure from various threats

SWIFT implements new security to stop cyber attacks as hackers make millions (Windows Report) SWIFT is a system that operates as a means of communication between banks and financial entities around the globe

Solving the Microsoft Silverlight security issue in a few easy steps (Neurogadget) Many might not be aware of this, but using Microsoft Silverware can lead to serious malicious issues that can lead to security breaches that you wouldn’t want to have. Some have already experienced these problems at a degree or another, but in this quick guide we will see how we can solve the issue completely

Cyberproofing your homes (Inquirer) You can be at risk, even right within your own home

Keep your LinkedIn profile secure with the Kevin Bacon rule (Naked Security) LinkedIn has always been irresistible to cybercriminals and con artists

Keep your family safe with these security tips from Sophos (Naked Security) If you’re a regular Naked Security reader you’re probably already aware of Sophos Home – our free enterprise-grade security product for home users

Successful cybersecurity takes an all-hands-on-deck effort (Washington Technology) It is no secret that the cybersecurity workforce needs some support, and academia, industry and the government are working together to combat the scarcity of cybersecurity personnel

Marketplace

CenturyLink to Buy Level 3 Communications for $25 Billion (Wall Street Journal) Deal gives communications companies more heft in a competitive landscape

IBM’s Big Bet on Artificial Intelligence (Wall Street Journal) CEO Virginia Rometty describes the broad consumer impact of Watson

IBM: From Firing To Hiring Spree (Forbes) There was a time when International Business Machine Corporation (NYSE:IBM) was on a firing spree, letting thousands of people go as sales declined. That was prior to 2015, as the company was in the middle of a transition, scaling down its old computing business to plow resources into new business initiatives and prepare for the coming of the cognitive era

Recent Cyber Attacks Draw Focus To Undervalued Cyber Security Firm Palo Alto Networks (Seeking Alpha) Palo Alto Networks is trading near historical averages, with the market expecting ROA' to decline from 37% in 2016 to 16% in 2021, accompanied by 40% Asset' growth. However, management is confident in their product mix, as well as in the power of their synergistic endpoint and network solutions

Survey: Cyber coverage for businesses up 85 percent since 2011 (Property Casualty 360) But research from Zurich and Advisen also shows that the market is slowing

Tug of War: Cyberinsurance Vs. Cybersecurity (Investopedia) As cybercrime becomes a growing threat to organizations worldwide, the cybersecurity industry is positioned to gain significant upside from the spike in demand

Blockchain is empowering the future of insurance (TechCrunch) The embers of innovation are beginning to char the massive $1.2 trillion underbelly of the largest industry in the world

The SINET 16: These could be the hottest new tech firms in the cybersecurity industry (CTO Vision) The Security Innovation Network (SINET) is an organization on a particularly virtuous mission. It seeks to advance innovation and enable global collaboration between the public and private sectors to defeat cybersecurity threats

Nasdaq, Eric Schmidt's Innovation Endeavors and Israel Cybersecurity Foundry, Team8, Challenge Cybersecurity Paradigms at Rethink Cyber Event (PRNewswire) Capping cybersecurity awareness month, top enterprise security minds present new direction for the industry

Profiting From the Rage for Cyberdefense (Barron's) As hackers grow more aggressive, more and more money is pouring into cybersecurity. One company to target: Palo Alto Networks

Deloitte snaps up another Australian systems integrator (CRN) Global consultancy giant Deloitte has acquired Melbourne-based Plenary Networks for an undisclosed figure, with the system integrator set to join the firm on 1 November

Cyber Startups Graduate from Northrop-bwtech@UMBC Cyber Incubator Program (GovCon Executive) Australia-based iWebgate and Baltimore-headquartered Light Point Security have completed Northrop Grumman and bwtech@UMBC Speed Tomorrow‘s global cyber startup initiative

Google looks to Canada’s tech startup scene for help in its quest to conquer artificial intelligence (Financial Post) Google says machine learning is destined to become the next major disruptive technology

PhishMe Recognized by Gartner as a Leader in Magic Quadrant for Security Awareness CBT 2016 (BusinessWire) PhishMe positioned as a leader for ability to execute and its completeness of vision

Research and Development

Google AI invents its own cryptographic algorithm; no one knows how it works (Ars Technica) Neural networks seem good at devising crypto methods; less good at codebreaking

Colorado Springs company joins forces with academy to counter cyberattacks (Colorado Springs Gazette) Colorado Springs-based cybersecurity provider root9B announced Monday that it will work with the Air Force Academy to develop technology to counter cyberattacks

Security Patches, Mitigations, and Software Updates

Google to Make Certificate Transparency Mandatory By 2017 (Threatpost) Google is making Certificate Transparency mandatory for its Chrome web browser by October 2017. Google software engineer Ryan Sleevi made the announcement in conjunction with the CA/Browser Forum that took place in Redmond, Washington last week

Apple Patches iTunes, iCloud for Windows, Xcode Server (Threatpost) Apple’s iTunes and iCloud software for Windows PCs received updates on Thursday for vulnerabilities that could allow for the disclosure of personal information and arbitrary code execution

Cyber Attacks, Threats, and Vulnerabilities

North Korea amps up cyber attacks on defectors and rights groups (Daily NK) "North Korean hacking units have intensified their attacks on defectors and human rights groups in South Korea since August 2016. The sustained attacks typically continue until the target’s computer is under the full control of the hackers, with documents, videos and pictures seized in the process. While the South Korean government and private security firms are coming to the defense of these organizations to stave off further damage, defectors have not been afforded the same level of protection”

Mirai Vulnerability Disclosed, But Exploits May Constitute Hacking Back (Theatpost) The Mirai botnet apparently has a weakness that could shut down its ability to flood targets with HTTP requests. But exploiting that vulnerability puts defenders in a gray area with regard to hacking back

Assessing the Damage of Last Week's Powerful DDoS Attack (Redmond Magazine) The damage from last week's distributed denial-of-service attack suggests it was the most powerful to date and it could be a precursor to an even more sustained attack. A bipartisan committee of senators formed over the summer wants answers, but some critics want the government to act more swiftly. The incident also puts a spotlight on the vulnerability of Internet of Things-based components, ranging from sensors on gas meters to IP-connected webcams and thermostats. There are currently 6.4 billion IoT-connected devices in use and that figure is expected to grow to 20 billion by the year 2020, according to Gartner's most recent forecast

Why Cyber Security Experts are So Worried About Malicious Toasters (Inverse) "To say that it couldn't happen to us would be ridiculous"

Flaws in connected cameras, recorders broader than bad passwords (Christian Science Monitor Passcode) After last week's cyberattack leveraged insecure internet-connected devices to wage a denial of service attack, many experts urged consumers to change passwords. But that alone won't solve the problem

The IoT security doomsday is lurking, but we cannot talk about it properly (ZDNet) Something needs to be done to stop the IoT turning into the IoDDoS, but communication with lay people is all but impossible

When zombie computers attack: 4 nightmares CIOs must face (CIO Dive) Like a scary clown lurking in the shadows, CIOs face a number of terrifying potential threats this Halloween season. Avoiding the threats and protecting the enterprise is paramount, but what are the best ways to do so?

HackForums delete “Server Stress Testing” amidst links with Dyn DDoS Attack (HackRead) HackForums.net delete “Server Stress Testing” section amidst allegations of facilitating DDoS attacks

Octopus-Rex. Evolution of a multi task Botnet (This is Security) During the last decade, different types of malware have been targeting Linux servers; Elknot, Encoder, Mirai, LuaBot, NyaDrop, Gayfgt etc. Most of them are used for DDoS purpose but there are some exceptions. Rex is one of them

APAC malware and botnet threats charge ahead rest of the world (Security Brief) Fortinet's latest quarterly threat intelligence report has painted a picture of global trends in the cybersecurity sector, showing that malware and botnet threats in the Asia Pacific region are charging ahead more than anywhere else in the world

A collision of Chinese manufacturing, globalization, and consumer ignorance could ruin the internet for everyone (Quartz) On Oct. 23, one of the largest coordinated cyber attacks in history took down several major internet sites in the United States and Europe

US Voter Data Leaked Again; This Time Multiple States are Involved (HackRead) Just like American election 2016 the voters' data has also become a joke

Is this the email that hacked John Podesta's account? (CNN) A phishing email sent to Hillary Clinton campaign chairman John Podesta may have been so sophisticated that it fooled the campaign's own IT staffers, who at one point advised him it was a legitimate warning to change his password

WikiLeaks email dump a cautionary tale (Dayton Daily News) An ongoing WikiLeaks dump of Hillary Clinton campaign manager John Podesta’s emails shows how easy the public and even high-ranking officials fall victim to cybercrime “phishing” schemes

Experts say an Election Day cyberattack is inevitable (and not a big deal) (Mashable) As Election Day approaches, tension is rising. Schools are canceling classes. Investors are waiting cautiously. Law enforcement is on alert for violence at polling locations. And when what seemed like half the internet shut down last week, fear of a large-scale cyberattack joined that list

States unprepared for Election Day cyber attack (Politico) A Politico survey of battleground state election officials paints a troubling picture

Ahead of elections, states reject federal help to combat hackers (CBS News) CBS News has found that 11 states - including the battlegrounds of New Hampshire and Michigan - have not accepted the Department of Homeland Security’s help to try and bolster the cyberdefenses of their voter registration systems

Espionage group uses cybersecurity conference invite as a lure (Help Net Security) A cyber espionage group that has been targeting organizations in Southeast Asia for years is misusing a legitimate conference invite as a phishing lure to trigger the download of backdoor malware

Most unpatched Joomla sites compromised in latest wave of attacks (Help Net Security) If you run a Joomla-based website and you haven’t implemented the latest security release of the CMS, your site has been almost surely compromised

As the clocks go back, UK Apple users targeted by smishing campaign (Graham Cluley) Think before you click, and you too can avoid phishers

How security flaws work: SQL injection (Ars Technica) This easily avoidable mistake continues to put our finances at risk

Young, business-savvy hackers corner ransom market (Sunday Times) We tend to think of criminals as hardened men in masks climbing through windows to burgle homes and offices. In the world of cybercrime, they are more likely to be young hackers keeping to their own bedrooms, testing the limits of their computer skills

Electronic Arts, EA Servers Down Again (Updated) (HackRead) Users are tweeting that Electronic Arts (EA) servers are down — a recent tweet from EA says they are aware of the issue

Gaming Platforms Attacked, Customer Info Targeted (Wapack Labs) Cyber hacktivism, threat actor group activity, and online gaming often go hand-in-hand because many threat actors also play online games

Danish Payment Processing Firm Suffers Breach 100k Credit Cards Stolen (HackRead) Danish payment processing firm nets suspects losing 100,000 credit cards to hackers

Converse E-Commerce Site Hacked for Payment Info (Infosecurity Magazine) Australian fans of the iconic Converse All-Star sneaker brand beware: The company’s digital Oz outpost has been hacked

Academia

McAuliffe announces NSA Day of Cyber School Challenge in Virginia (Augusta Free Press) Governor Terry McAuliffe today announced the launch of Virginia’s NSA Day of Cyber School Challenge. The challenge begins today, as Cybersecurity Awareness Month in October concludes, and will run through the end of March 2017

IBM and the WMG Cyber Security Centre launch cyber security module (Consultancy.uk) To support businesses, governments and society deal with the ever increasing cost of cyber security breaches, the MSc in Security and Management at the University of Warwick Cyber Security Centre was developed

Exploring Cyber Security Education (The CyberWire) It’s no secret that cyber security is a hot field, with many more jobs available than qualified workers. So what’s the best way to become one of those qualified workers? In this CyberWire special edition, we look at some of the available options in cyber security education, we speak to the people who are teaching and designing the classes, and examine the creative ways people are trying to prepare the next generation of cyber security professionals

DHS cyber chief to young hackers: Help us protect the grid (+video) (Christian Science Monitor Passcode) At a hacking competition Passcode hosted in Washington, Phyllis Schneck said threats against critical infrastructure "keeps us up at night" – and encouraged young security researchers to partner with the government to help curtail the threat

Litigation, Investigation, and Enforcement

FBI reopens investigation into Clinton email use (Fox News) The FBI has reopened its investigation into Hillary Clinton’s use of a private server while secretary of state after discovering new emails, in a stunning turn of events just days before the presidential election

The Internet Muddles An Already Confusing FBI Investigation Into Clinton Emails (Wired) The Internet had infinite interpretations of a vaguely-worded letter FBI director James Comey sent to the House Judiciary Commitee Friday

FBI Obtains Warrant for Newly Discovered Emails in Clinton Probe — as Reid Accuses Comey of Hatch Act Violation (NBC News) The FBI obtained a warrant to search emails related to the Hillary Clinton private server probe that were discovered on ex-congressman Anthony Weiner's laptop, law enforcement officials confirmed Sunday

Heat Rises For FBI Director James Comey As Both Campaigns Demand Email Answers (Huffington Post) Top aides to Hillary Clinton and Donald Trump called on the FBI to come clean with voters

FBI in Internal Feud Over Hillary Clinton Probe (Wall Street Journal) Laptop may contain thousands of messages sent to or from Mrs. Clinton’s private server

New Emails in Clinton Case Came From Devices Once Used by Anthony Weiner (New York Times) Emails from Hillary Clinton’s private server were found after the F.B.I. seized electronic devices once shared by Anthony D. Weiner and his estranged wife, Huma Abedin, a top aide to Mrs. Clinton, federal law enforcement officials said Friday

The FBI has reopened its investigation into Hillary Clinton’s use of a private server while secretary of state after discovering new emails, in a stunning turn of events just days before the presidential election. (Washington Examiner) The FBI has told lawmakers that it has found more emails from Hillary Clinton's private email server

Hillary's emails matter: A retired CIA officer explains why (The Hill) The 2016 presidential election, already one of the wildest in American history, has been rocked by the announcement that the Federal Bureau of Investigation (FBI) is reopening its investigation into Hillary Clinton’s use of a private email server while Secretary of State

Man Accused of Stealing Top Secret Material to Remain Jailed (ABC News) A former National Security Agency contractor accused of stealing massive amounts of classified material will not be freed from jail while his case proceeds

N.S.A. Appears to Have Missed ‘Big Red Flags’ in Suspect’s Behavior (New York Times) Year after year, both in his messy personal life and his brazen theft of classified documents from the National Security Agency, Harold T. Martin III put to the test the government’s costly system for protecting secrets

NSA security gaps revealed after suspect arrested in breach (Seattle Times) Harold Martin III kept his security clearance despite a record that included drinking problems, unpaid tax bills and an episode in which he posed as a police officer

UK ‘USB Cufflinks’ Terror Suspect Faces March Trial (Infosecurity Magazine) A suspected Isis member who is alleged to have trained terrorists in encryption techniques is set to go on trial in March 2017

Inside Palantir’s War With the U.S. Army (Bloomberg Technology) The company’s lawsuit against the Army claims it was unfairly blocked from competing for a contract, and the decision is expected on Monday

Microsoft worker arrested for child porn after company's tip (KOMO News) A 49-year-old Microsoft employee has been arrested on investigation of child pornography after authorities received a tip from the company

InfoShot: The FBI’s Cyber’s Most Wanted (IDG Connect) The FBI’s Ten Most Wanted Fugitives is one of the most famous lists of criminals in the world. Hundreds of people have been added and removed from the list in its 66 years

Design and Innovation

WTF is the dark web? (TechCrunch) Maybe you heard your LinkedIn, Tumblr or Dropbox password was floating around there. Or maybe you read a news story about that guy who got busted for running Silk Road, that site that sold drugs and other illicit goods. Chances are, you’ve seen the words “dark web” splashed in a headline or heard them mentioned by a friend. But WTF is the dark web? How do you get there? And what makes it “dark”?

And Now A PREDATOR To Fight DNS Domain Abuse (Dark Reading) Researchers at Princeton and elsewhere demo a new tool for spotting people registering domains for malicious purposes

Why don't developers have a 'spellchecker' for security'? (CSO) Wouldn't it be nice if software developers had something like spellcheck, but instead of catching simple grammar mistakes, it caught basic security problems?

The Future of Privacy Is Plausible Deniability (Atlantic) In a hackable world where neither the NSA nor Sony Pictures nor John Podesta could safeguard their private communications, the surest way to keep data secure may be surrounding it with decoys

Here’s What Crypto Decentralists Think about the Block Size Debate (Cyrptocoin News) Ethereum hard forks might serve as an important lesson for Bitcoin about how such a technical change to a distributed system unfolds. Ethereum’s first hard fork, for instance, resulted in a competing Ethereum chain

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, October 30 - November 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on the cooperation in cybersecurity as one of key pillars to tackle the complexity and the scalability of the main challenges of today’s cyber threats. The regional cybersecurity summit has been conducted for the last 4 years under the umbrella of ITU-ARCC in Oman to share experience and knowledge, learn from each other, get in tight to recent updates and collaborate to enhance organizations’ cybersecurity became a must.

Inside Dark Web (Washington, DC, USA, November 1 - 2, 2016) Individuals, organizations, corporations, and governments use the Dark Web to protect themselves and their users, employees, customers, and citizens seeking a more accessible and secure Internet experience. Experts from government, the financial community, law enforcement and cyber security will give you the background history, current utilization and future thoughts about the fast growing misunderstood world of the Dark Web.

National Institute for Cybersecurity Education 2016 Conference and Expo (Kansas City, Missouri, USA, November 1 - 2, 2016) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2016 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation.

GTEC (Ottawa, Ontario, Canada, November 1 - 3, 2016) For the public sector and business, count on GTEC to help you keep up with the changing landscape of technology and service delivery in Canada. With our nationally recognized awards program and annual conference, plus our new learning products, GTEC is your destination of choice for innovation and excellence in public sector IT. The conference program will feature a close focus on the cyber threat, particularly the threat of cybercrime, and the Canadian response to that threat.

Black Hat Europe 2016 (London, England, UK, November 1 - 4, 2016) Black Hat is returning to Europe again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings.

TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virgina, USA, June 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds of career opportunities are available in cyber security that need to be filled immediately. Bring copies of your resume with you and interview in person, representing yourself better than any online application ever could.

ISSA International Conference (Orlando, Florida, USA, October 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.

SINET Showcase 2016: Highlighting and Advancing Innovation (Washington, DC, USA, November 2 - 3, 2016) SINET Showcase provides a platform to identify and highlight “best-of-class" security companies that are addressing industry and government’s most pressing needs and requirements. The chosen SINET 16 Innovators present their technological solutions to representatives from the ecosystem of the entrepreneur: venture capital, investment banking, system integration, academia, science, legal, policy, private industry and executives from the Federal Government, including civilian, intelligence and military professionals. Showcase’s objective is to increase awareness of innovative solutions that may lead to an investment in, or the purchase of, advanced technologies that will help secure our nation’s critical infrastructure and command-and-control systems.

3rd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, November 3, 2016) The 2016 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cyber security and cyber warfare from the military, government, private industry, and the public sector. Our panels are designed to provide attendees with thought leadership from a diverse group of experts who will share their experience and knowledge-base regarding topical cyber security issues. The symposium is a day long event comprised of panels, Q&A sessions, tool demonstrations and networking opportunities. Focused and thorough, there are take-aways for all attendees.

Security of Things World USA (San Diego, California, USA, November 3 - 4, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World USA in November in San Diego to tailor your proposition to respond to the security concerns that preoccupy enterprise customers today and find pragmatic solutions to the most common security threats.

2nd Annual Summit: Global Cyber Security Leaders (Berlin, Germany, November 7 - 8, 2016) The Global Cyber Security Leaders 2016 is designed to provide unrivaled access to peers from across the globe, and encourage participants to discuss the current challenges and explore the ideas shaping tomorrow’s global cyber threat landscape. The interactive, fresh and content driven format is specifically designed for leaders, visionaries and decision makers across all geographies. Strengthen your global network and form lasting relationships with other forward-thinking and inspiring leaders.

IAPP Europe Data Protection Congress 2016 (Brussels, Belgium, November 7 - 10, 2016) The GDPR is finalised, the Data Protection Congress is returning to Brussels and you have a great deal of work ahead. Begin at the Congress, where you’ll find thought leadership, a thriving professional community and unrivaled education. It’s time to get to work: Start here.

SANS Miami 2016 (Coconut Grove, Florida, USA, November 7 - 12, 2016) Attend our new SANS Miami 2016 event, November 7-12 and choose from five hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. Attackers are targeting you with increasing viciousness and stealth, and it's essential you understand the tools and techniques and learn the skills needed to protect your organizations. Get the training you need from SANS - the most trusted and by far the largest source for information security training in the world

Federal IT Security Conference (Columbia, Maryland, USA, November 8, 2016) The Federal IT Security Institute in partnership with PhoenixTS in Columbia, MD is hosting the first annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape. All proceeds from the event go to help retrain Wounded Warriors to become cyber defenders at the Wounded Warrior Cyber Combat Academy.

11th Annual API Cybersecurity Conference & Expo (Houston, Texas, USA, November 9 - 10, 2016) Join us at the 11th Annual API Cybersecurity Conference & Expo and discover methods for thwarting the bad guys, what the scene looks like over the horizon and how the latest technologies can help you counter cyber espionage, address cyber warfare, and make your cyber efforts secure.

SecureWorld Seattle (Bellevue, Washington, USA, November 9 - 10, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Institute for Critical Infrastructure Technology Annual Gala and Benefit (Washington, DC, USA, November 10, 2016) The Annual ICIT Gala and Benefit is the year’s most prestigious gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This intimate black-tie event will celebrate the minds of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used exclusively to help sustain and grow the Institute’s research, publications and educational activities for the communities it serves.

Israel HLS and Cyber 2016 (Tel Aviv, Israel, November 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach, and emergency readiness.

SANS Healthcare CyberSecurity Summit & Training 2016 (Houston, Texas, USA, November 14 - 21, 2016) SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the new healthcare environment. You'll have the opportunity to meet with leaders from top organizations and see what really works in securing healthcare. As we know, healthcare has been undergoing major changes. Patients are demanding more convenient and personalized care. Digital health is changing the way that doctors and patients interact. New technologies allow patients to track their own health and generate data that was previously not available to care providers. Additionally, health information exchanges are being created to enable access to electronic medical records across disparate organizations. The Healthcare CyberSecurity Summit will take aim at the major challenges organizations face as they balance the security, compliance, and innovation required to thrive in this quickly changing market

Infosec 2016 (Dublin, Ireland, November 15, 2016) Infosec 2016 conference addresses the critically important issues that threaten businesses in the information age By any measure, the digital threats that businesses and organisations of all sizes face are increasing

Kaspersky Academy Talent Lab (Online, then Prague, Czech Republic, November 15, 2016) Kaspersky Academy Talent Lab is an international cyber-world competition for young researchers and professionals aged 18-30 who are interested in the cybersecurity challenges facing the world. 50 finalists will travel to the global final event to Prague (all expenses covered by Kaspersky Lab) to present their projects & compete.

CISO Charlotte (Charlotte, North Carolina, USA, November 15, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more

Pharma Blockchain Bootcamp (Edison, New Jersey, USA, November 16, 2016) Blockchain technology has gained recognition as one of the most disruptive technologies in the industrial world with the potential of redefining how businesses operate similarly the internet changed it more than 30 years ago. At this critical one-day learning seminar, bio/pharmaceutical professionals (tech + business) will uncover the key areas where blockchain applications could have a significant impact in securing, managing and leveraging the deluge of data throughout the enterprise from R&D to clinical to commercialization. Key issues to be addressed: what exactly is blockchain and why is it considered a disruptive innovation; where and why in the enterprise is pharma ripe for blockchain applications; the hidden business rewards that would be exposed; the legal and regulatory considerations with implementation, and much more.

Cybercon 2016 (Washington, DC, USA, November 16, 2016) The forum for dialogue on strategy and innovation to secure defense and government networks, as well as private-sector networks that hold their sensitive data.

Versus 16 (San Francisco, California, USA, November 17, 2016) Versus is not an ordinary event. Versus is not about pitching products or preaching to the choir. Versus is about challenging what you think you know about cybersecurity, about technology, about doing business in the digital age

Focusing On The Future: Prioritizing Security in the Digital Economy (Washington, DC, USA, November 18, 2016) In today's digital economy, developing and prioritizing a cyber strategy is critical to address diverse and evolving threats, foster trust in the technology we use, and define a path forward where security is seen as a business enabler. Join The Chertoff Group for a premier post-election cyber conference that will convene thought leaders across government and industry to share their unique points of view and insights with regard to critical policy, technology, and risk management issues that will be shaping the security agenda.

Data Breach & Fraud Prevention Summit Asia (Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach threat that impacts all industries. Whether you are forming opinions on how to view the recent global Apple Vs. FBI debate, want to learn more about the breach incidents, or just look forward to networking with your peers on cybersecurity challenges, we are confident you will gain tremendous insight throughout the event. CyberWire readers can use the discount promo code "CW20" when registering with dbfpmumbai@ismgcorp.com to receive 20% off the conference price.

SCSC Cyber Security Conclave 2.0 Conference and Exhibition (Hyderabad, India, November 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together over hundreds of cyber security experts, senior officials and policy-makers from across the public and private sector to provide an update on cyber security instances, share best practice strategies, and help India to combat cyber threats.

4th Ethiopia Banking & ICT Summit (Addis Ababa, Ethiopia, November 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial Institutions, Information Technology Vendors, high profile CIOs, CISOs, CTOs Risk and Compliance Officers and COOs to explore how they can utilize the newest technologies to further increase mobility, enhance security, support new products and services, and improve customers’ experience to secure their competitive edge.

Internet of Things (IoT) (Elkridge, Maryland, USA, November 29, 2016) This cybergamut Technical Tuesday features Dr. Susan Cole, currently the Cybersecurity Lead for a Federal Information Systems Controls Audit Management (FISCAM) preparation team and also provides consulting support to small companies. The Internet of Things (IoT) is becoming more embedded in everyday life, often without people being aware. This talk centers on defining what IoT really is, discussing why it has exploded exponentially, and identifying challenges to future implementation of IoT, including security challenges.

CIFI Security Summit (Toronto, Ontario, Canada, November 30 - December 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security experts from around the globe to discuss Cyber Intelligence, Digital forensics, Cyber Security and Cyber Investigations. This is the only event of its kind that will run 4 simultaneous streams over 2 days in addition to case studies, demonstrations from global business leaders and a 30+ Exhibition.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

IoT botnet DDoS post mortems and remediations--some of the latter may not be legal. US election hacking. FBI seems to have reopened Clinton email inquiry. Former NSA contractor case prompts speculation about what it takes to lose a clearance.